I am interested in deploying FreeIPA along with my company's software
to allow us to implement Single Sign On. All of our software is
deployed on Red Hat Enterprise Linux, so I would like to get the
FreeIPA server to run there (on RHEL 5). I am aware of Red Hat IPA,
but if I'm not mistaken, it is based on an earlier version that does
not have the ability to sync to Active Directory.

Most of the dependencies are available either from the official
package repositories or from EPEL, and Fedora/389 Directory Server has
its own repository for Enterpise Linux. However, there are two
packages that are unavailable: 'mod_nss >= 1.0.7-2' and 'slapi-nis'.
Looking at the commit (f018c2123c2b0018af5d41ec007ac8ddf0f04d31), it
appears that an earlier version of mod_nss is okay as long as we don't
need to pass it through mod_proxy. As far as I can tell, slapi-nis is
used for providing an NIS interface, which I don't think we need
(RHEL4 and RHEL5 clients should be able to use LDAP for user
information). Does this sound accurate, or is there anything I'm
missing? Would it be sufficient to remove these dependencies from the
RPM spec (for mod_nss just remove the version restriction) before I
build the package, or would I need to make other modifications? After
trying it (installing with 'rpm --nodeps'), it appears to work at
first glance.

Are there any other issues with running on RHEL 5 that I should be
aware of? Any comments on this configuration?

Thank you,
Sam Hartsfield

Freeipa-users mailing list

Reply via email to